N Version of 10 December Certification scheme for energy management systems according to ISO

Transcription

1 Certification scheme for Energy Management Systems according to ISO Certification scheme for energy management systems according to ISO

2 Copyright SCCM All rights reserved. Nothing included in this publication may be made public, and/or reproduced by means of printing, photocopying, microfilm or any other method, without prior written permission from SCCM. Disclaimer Although the utmost care has been taken with this publication, errors and omissions cannot be entirely excluded. SCCM therefore accepts no liability, not even for direct or indirect damage occurring due to or in relation with the use of the content of this publication. Certification scheme for energy management systems according to ISO

3 Certification scheme for Energy Management Systems according to ISO 50001* Translation of N (Dutch), 10 December 2013 Replaces (Dutch) version of 7 December 2011 * This certification scheme is a translation of the originally Dutch-language certification scheme based on NEN-EN-ISO 50001:2011, the Dutch version of the European standard EN ISO 50001:2011. This European standard is identical to the international standard ISO 50001:2011. For the sake of convenience, this certification scheme will use the term ISO instead of NEN-EN-ISO 50001:2011. Certification scheme for energy management systems according to ISO

4 Contents chapter 1 1 Introduction 6 chapter 2 2 Interpretation of ISO General requirements Management responsibility Energy policy Energy planning Legal and other requirements Energy Review Baseline energy use Energy performance indicators Implementation and operation Competence, training, and awareness Design Purchasing of energy services, products, equipment and energy Checking Evaluating compliance with legal and other requirements Internal audit of energy management system Nonconformities, correction, corrective action and preventive action 13 chapter 3 3 Organization of the certification body Principles and general requirements Impartiality Competence Responsibility Openness Confidentiality Response to complaints Legal aspects Organizational structure within the CB Organizational structure and top management Committee for safeguarding impartiality Personnel within the CB Competence of management and personnel Personnel involved in the certification activities Use of external auditors and outsourcing 19 Certification scheme for energy management systems according to ISO

5 3.4 Information exchange between CB and third parties Publically accessible information Confidentiality Information exchange between a CB and its clients Management systems within the CB 21 chapter 4 4 Procedures used by the certification body General requirements Audit plan and audit team Audit time Audit reports Decision making Procedures for assessing compliance and continual improvement Compliance with legislation and regulations Review of continual improvement Procedures for dealing with incomplete or incorrect information Procedures for dealing with violations and dangerous situations Initial certification audit Application process and review Phase 1 audit (pre-audit) Phase 2 (initial certification audit) Initial certification audit conclusions and initial certification Surveillance activities General Surveillance audit Maintaining certification Recertification Recertification audit planning Recertification audit Information for renewing the certificate Special audits Suspension, withdrawal or reducing the scope of certification Appeals Records of applicants and certificate holders 39 annexes 1 Documents for pre-audit 40 2 Determining competence for ISO certification 41 3 Table of contents of NEN-EN-ISO/IEC Additional information 49 Certification scheme for energy management systems according to ISO

6 chapter 1 Introduction By entering into an agreement with the Association for the Coordination of Certification of Environmental and Occupational Health and Safety Management Systems in the Netherlands (SCCM), certification bodies (CBs) affiliated with SCCM can use this certification scheme, based on the worldwide standard ISO 50001:2-11 (ISO is the International Standards Organization, based in Geneva). This certification scheme was developed for environmental management systems by the SCCM Central Committee of Experts (CCE). The committee meets the requirements set by the Dutch Council for Accreditation (RvA). The CBs having an agreement with SCCM for use of this certification scheme are obliged to follow this scheme for certification based on the ISO standard. For the time being, SCCM has not requested to be designated by the RvA as the scheme manager for ISO Accordingly, RvA accreditation is not required for the ISO certification scheme. The intention is to have the scheme accredited in the future. The point when it is accredited will depend on the interest in this scheme and the importance the certificate acquires in areas such as relations with the government authorities. SCCM only enters into agreements with CBs with which it already has an agreement for using its ISO certification scheme. This accreditation for environmental and energy management systems is based on requirements from the following documents, in addition to ISO and standards: > NEN-EN-ISO/IEC ISO 17021, the standard that CBs must meet to certify management systems. > IAF MD 5:2009 (IAF Mandatory document for duration of QMS and EMS audits), Guideline for time schedules set up by the International Accreditation Forum (IAF) > EA 7/04, information from the European Cooperation for Accreditation about the element of the ISO standard on compliance with legislation and regulations. > EA 7/05 (EA Guidance on the Application of ISO/EC 17021:2006 for Combined Audits. The EA-7/05 describes how to deal with combined audits both in terms of content and time schedules (and ways to reduce time spent) The IAF MD 5, EA-7/04 and EA-7/05 can be downloaded from the SCCM website. SCCM strives for a high-value certificate with broad-based support, one that provides added value, particularly in the certified organization s relationships with those around it (government, customers, suppliers and neighbours). To this end the CCE of SCCM consists of representatives from industry and business organizations, various government authorities and civil society groups. Certification scheme for energy management systems according to ISO

7 The certification scheme consists of the following three parts: > The interpretation of the ISO standard. > The organization of the CB. > The procedures used by the CB. Chapter 2 contains the interpretation of the ISO standard drawn up by the CCE. Chapter 3 shows the requirements for the CBs set by the CCE. Chapter 4 contains additional requirements and interpretations with regard to the CB s procedures. The contents of the NEN-EN-ISO/IEC 17021:2011, the IAF MD 5, the EA-7/04 and the EA-7/05 form the basis for both chapters 3 and 4. In drawing up the ISO standard, the point of departure is that the energy management system leads to actual changes in the organization. This will also demonstrate that the system works. The standard therefore places greater emphasis on documenting the various elements of the management system than on the presence of written procedures. The certification scheme of 7 December 2011 has been added concerning the determination of significance of equipment. See 3 th paragraph of section Certification scheme for energy management systems according to ISO

8 chapter 2 Interpreting ISO General requirements (ISO section 4.1) An organization must document the scope and boundaries of its energy management system. The CCE has defined the following key points: > The organization must document which of its organization(s) and operations, products or services the energy management system applies to. > Scope is understood to mean the breadth with which the energy consumption in the system is controlled (for example, to what extent energy use by third parties such as transport of personnel is covered under the system). > To define the scope, it is recommended to use the approach described in the ISO standard (scopes 1,2 and 3). The advantage of using this approach in the Netherlands is that the categories are the same as those in the CO2 performance scale of the SKAO (Climate-friendly Contracting and Entrepreneurship Association). > The GHG protocol section on A Corporate Accounting and Reporting Standard, chapter 3 Setting Organizational Boundaries and chapter 4 Setting Operational Boundaries can be consulted to supplement the standard. > As a minimum, scope 1 (the direct energy consumption by sources that are property of or controlled by the organization) and scope 2 (consumption of purchased electricity) must be incorporated. It must be clear to what extent scope 3 (indirect emissions arising from third parties) falls within the system. Energy consumption related to transport of persons and goods is usually included. > No form of energy may be excluded from the scope. > It must be clear how any energy generated by the organization (such as co-generation facilities) is part of the energy management system. This is especially the case if installations are shared with other companies and/or belong to a separate legal entity. > If the organization to be certified is also ISO certified, it is important that it be clear to what extent the areas of application of the environmental and energy management systems overlap. According to the CCE, the clause in 4.1c) can be considered an introductory sentence, a requirement that is met if the various sections of the standard are adequately implemented. Certification scheme for energy management systems according to ISO

9 2.2 Management responsibility (ISO section 4.2) According to 4.2.1b), top management is required to appoint a management representative. According to the CCE, final responsibility for the energy management system must lie with an employee at the highest level within the organization. The carrying out of tasks can be delegated to the management representative. Sections b) and mention the management representative and energy management team. According to definition 3.10, the team may consist of just one person. According to the CCE, these two positions or roles may be filled by the same person. As far as the energy management team is concerned, it is essential that it be formed by key people in the organization capable of promoting awareness about energy. In h) the subject of energy is linked to long-term planning. If a long-term plan is drawn up, it must include the subject of energy. The CCE stresses the importance of long-term planning, since reducing energy consumption often goes along with investments which yield over the long term. For many organizations, a strategic view of investments and their own operations is necessary to achieve substantial changes. Section indicates that the management representative must have appropriate skills and competence. According to the CCE, the necessary skills and competence of the management representative are determined by such factors as the size of the organization, its energy consumption and the nature of energy users. The importance of organizational and process-related skills will be greater for the management representative of larger organizations (with a substantial energy consumption). Others in the organization can be called upon for technical knowledge and skills. Technical knowledge and familiarity with the production process will often be more important in smaller organizations. 2.3 Energy policy (ISO section 4.3) The energy policy can be integrated in other policy documents, such as an environmental policy statement. Key points are: > If the environmental policy statement is used, the organization must realize that although some of the requirements overlap, there are additional requirements (such as 4.3 c, commitment to information and means, and 4.3.f, support for purchasing energy-efficient products and services and designs). > Section 4.3 e) requires that the energy policy can serve as a framework for establishing and assessing energy objectives and targets. 2.4 Energy planning (ISO section 4.4) Section (General) can be considered introductory information. It can be considered satisfied if the requirements in through have been satisfied. The standard distinguishes between energy consumption (the amount of energy used), energy use (how the energy is used, for example, for ventilating, heating, processes etc.) and energy sources (electricity, fuels, heat etc.). Certification scheme for energy management systems according to ISO

10 2.4.1 Legal and other requirements (ISO section 4.4.2) Examples of relevant legislation, regulations and other requirements in the Netherlands are: > The Activiteitenbesluit or Activities Decree (implemented in 2008) (including general requirements under art. 2.1 regarding duty of care and 2.6 energy saving, as well as specific requirements for certain kinds of installations); > Long-term agreement on energy efficiency (MIA-3); > Long-term agreement on energy efficiency for companies under the Emissions Trading Scheme (MEE); the European Emissions Trading Scheme (EU-ETS); > BREF s (Best Reference documents from the IPPC of Directive Industrial Emissions) > Obligations under agreements with third parties (such as the CO 2 performance ladder scale) According to the standard, the organization must establish how the legal and other requirements apply to its energy consumption, use and efficiency. In the opinion of the CCE, this means that an organization must have an overview of the concrete requirements that apply to its energy consumption, use and efficiency. This overview is important for performing the evaluation of compliance with legislation and regulations (art 4.6.2). The organization must periodically assess whether there are new environmental legislation and regulations that apply, or if existing legislation and regulations have changed (EA-7/04- art ) Energy review (ISO section 4.4.3) The methodology and criteria used for an energy review must be documented. The following may be useful for setting criteria: > what size energy sources are included; > when is energy metered and when not; > when a user is considered significant; > how far back in time is information gathered; > frequency and/or criteria for updating the energy review. The energy review in is made up of an analysis of the main sources of energy consumption (for the organization as a whole, from various energy sources) and energy use in 4.4.3a), and a more detailed analysis identifying the facilities, equipment or processes having a significant influence on energy consumption. The significance can be determined on the base of the scope of the consumption and/or the capability of improving the energy performances. By also involving the capability of improvement in the determination of the significance, it will prevent that relatively small consumers (for example electric motors) will be overlooked. Also in section C the CCE expects that all energy users with substantial capability of improvement will be involved, including smaller users, that are not significant based on scope but on the capability of improvement. Any energy the organization generates and any residual heat used should also be included when identifying consumption and use. Certification scheme for energy management systems according to ISO

11 Various other instruments can be used for the energy review, including: > EVA (Dutch language energy-use analysis 1 ; > energy balance. The CCE assumes that there is sufficient depth in the analysis in the first point under b) that an organization has identified at least 80% of its energy consumption (up to the level of energy source linked to an installation). Metering and/or calculating consumption on the basis of specifications can give insight into consumption. Combining energy consumption with energy use gives the energy balance. The energy review is primarily concerned with current consumption. If a baseline is used based on data from the past, the energy review must relate to developments after that point. A long-term view is also necessary in order to identify the opportunities for reducing energy consumption and/or using alternative energy sources (see also h). This will involve the products/services, processes whether self-managed or not, and energy sources used. In this regard, it is important that there be an idea of the life span of facilities, so that alternatives can be found in a timely manner. For example, the use of such technologies as residual heat (from an internal or external source) requires preparation and planning. The other variables (listed in b) second point) are understood to mean: > capacity utilization/scope of production > weather conditions; > condition (e.g. leaks, adjustments); > stopping operations for such reasons as major maintenance. Depending on the chosen scope (see 4.1), data will also need to be collected to determine the energy consumption connected to products or services purchased from third parties. One example of this is outsourced services for transporting goods and/or people Baseline energy use (ISO section 4.4.4) An organization can have more than one baseline for energy use, for example one for each source. There must be criteria which support the choice for the year used as the baseline. The calculation methods for the baseline, including any corrections made or hypothetical assumptions used, must be documented. Corrections may be necessary if, for example, the organization contracts out or divests itself of operations. The chosen baseline(s) must cover at least 80% of the total energy consumption Energy performance indicators (ISO section 4.4.5) The energy performance indicators (EPIs) formulated in accordance with this section of the standard are the basis of the monitoring requirements in EPIs must be chosen such that they can actually provide guidance for energy use. EPIs may consist of a parameter (absolute energy use), energy use per unit (such as a work day, weekend day, time to manufacture a product, shift) or a multivariable model (E=A*x+B*y+...) in which variables can be size of production, outside temperature or another variable. 1 Downloadable from VerbruiksAnalyse_ pdf Certification scheme for energy management systems according to ISO

12 2.5 Implementation and operation (ISO section 4.5) Competence, training and awareness (ISO section 4.5.2) This section concerns the people who can influence energy use directly or indirectly through their behaviour and/or work tasks. A distinction can be made between the following groups: > Operators and production personnel directly involved with significant energy users; > Technicians involved in development and maintenance (both internal and external) of significant energy users; > Transport planners; > Purchasers; > Support service providers (cleaning, security); > Management at different levels in the organization having influence on the groups listed above Design (ISO section 4.5.6) The terms modified or renovated facilities, equipment, systems and processes must also include maintenance and the replacement of parts. In developing new products/services, the impact on energy use in their production or delivery (including any purchasing) must be included in the design in advance. New products or services may also result in an increase of energy consumed in their production or delivery. If these differences are significant, the organization must be able to justify their necessity (for example, increased consumption during production may be offset by lower consumption during use) Purchasing of energy services, products, equipment and energy (ISO section 4.5.7) This article is concerned with the purchasing of energy services, facilities and energy connected to the organization s own production and delivery and not, for example, the purchase of products (such as raw materials, parts, semi-finished products) or the contracting out of certain operations. Annex A 5.7 makes reference to the possibility of using the energy management system in the production chain. However, this is not mandatory. Organizations in the Netherlands that are part of either the MJA or MEE long-term covenants on energy are indeed obligated to consider their energy consumption in the chain. The energy management system can be used to ensure these levels. In buying the production inputs it is important to consider the energy consumption and costs over the entire life cycle in decision making. For example, a larger investment may be earned back over the long term. Factors such as maintenance costs can also have an influence (Total Cost of Ownership). Examples of specifications for energy purchasing are: > General: opting for the best available technologies; > Replacing electric motors with class IE3, Premium efficiency; > Purchasing green electricity. Certification scheme for energy management systems according to ISO

13 2.6 Checking (ISO section 4.6) Evaluation of compliance with legal requirements and other requirements (ISO section 4.6.2) An organization must periodically evaluate its compliance with every applicable requirement of applicable legislation and regulations, and if the organization is aware of its compliance status. The organization must be able to use the energy management system to identify its compliance status (EA-7/04 art ). According to the CCE, the evaluation is an operation with a different goal than the internal audit and management review. Performance of this evaluation must be verifiable. One instrument which can be used to evaluate compliance is the compliance audit. The internal audits must evaluate whether the procedure for evaluating compliance also functions properly. The results are incorporated in the management review. The frequency with which an evaluation of compliance is performed depends on the chances of nonconformities, and the potential effect of the nonconformity on a legal requirement. This will differ for each requirement. The higher the risk connected to a given requirement, the more frequently the evaluation must be done and the more rigorous the method must be. The organization will have to determine this for the various legal requirements. Not all requirements necessarily have to be evaluated each year, for example, facilities not subject to changes, or nonconformities that have no direct effect. Ultimately, the organization will have to be able to make a supported statement about its own compliance during the annual management review Internal audit of the energy management system (ISO section 4.6.3) Internal audits for ISO and ISO may be combined. If they are, it is important that the elements specific to ISO are explicitly dealt with and that the auditors are qualified to audit them Nonconformities, correction, corrective action and preventive action (ISO section 4.6.4) Nonconformities can occur at various levels: > The management system s meeting the ISO standard. > Working in accordance with the procedures, instructions and planning laid down in the management system. > Achieving the objectives laid down in the system. Certification scheme for energy management systems according to ISO

14 chapter 3 Organization of the certification body To be accredited to perform certification work, a CB must meet the NEN-EN-ISO/IEC ISO 17021:2011 standard Conformity Assessment - requirements for bodies providing audit and certification of management systems. The ISO contains both structural and procedural requirements. The CCE can interpret these requirements where necessary and can set additional requirements. Chapters 1 through 8 and 10 of the ISO contain organizational requirements. The most important requirements from these chapters are summarized in this chapter of the certification scheme. Any interpretations or additions by the CCE are in text boxes. In evaluating compliance with this certification scheme, the text of the NEN-EN-ISO/IEC ISO 17021:2011 (and not its translation into this certification scheme), along with the text in boxes in this document, is binding. 3.1 Principles and general requirements (ISO chapters 4 and 5) The aim of ISO certification is to give all interested parties the confidence that the energy management system meets all the requirements. The value of certification is determined by the confidence of parties in, among other things, the impartiality and competence of the certification body. The following aspects play an important part with regard to confidence in the certification body Impartiality (ISO sections 4.2, 5.2 and 5.3) A CB s impartiality can be at issue in several ways, for example if the CB or people within it have interests or too-close contacts with the client after an earlier assignment. The ISO recognizes that the fact that a CB is paid by the organization to be certified constitutes a potential threat to its impartiality. It is therefore essential that a CB can use objective evidence to make its decisions as to whether or not requirements are being met. The decisions made on the basis of this evidence must not be influenced by other interests or parties. The requirements for a CB include the following: > It must have a publicly accessible statement in which the CB s management assures its commitment to impartiality and objectivity. > The CB must identify, analyze and document all potential threats to its impartiality. These threats can be related to both the organization and people within it. Action must be taken to eliminate or minimize potential threats. All information must be submitted to a committee created by the CB in which all interested parties are represented (see ISO section 6.2). Certification scheme for energy management systems according to ISO

15 > The CB must regularly evaluate its financing and income sources to demonstrate to this committee that there is no commercial, financial or other pressure influencing its impartiality. > The CB, or a division within the same legal entity, may not offer or provide consultancy services in the area of management systems. > The CB or a division within the same legal entity may not offer or perform internal audits for clients being certified. Clients for whom the CB has performed internal audit services may not be certified by this CB for two years afterwards. > The CB shall not outsource certification work to consultancy firms working with management systems. This requirement does not apply to individuals who are hired as auditors. > The CB may not use personnel for certification work who have been associated with the company to be certified during the previous 2 years. Personnel may not have been involved as consultants for the organization to be certified about either its energy management system or any other management systems. If an employee has worked for the CB for less than two years, or works part-time for the CB, the CB must make sure that this person is not, and has not been, a consultant for the organization to be certified. Performing a pre-audit is not considered consultancy as long as it only involves an evaluation of the implemented system, and no advice is given about rectifying eventual violations or non-compliance. > The CB must require both in-house and external personnel to inform the CB of situations that may possibly constitute a conflict of interest with them or the CB Competence (ISO section 4.3) Competence is the demonstrated capacity to apply knowledge and skills. Competence is a basic requirement for personnel entrusted with performing certification work. Section 3.3 has more information on the required competence Responsibility (ISO section 4.4) The client organization, not the certification body, has the responsibility for meeting the requirements for certification in the standard. The certification body has the responsibility to gather sufficient objective evidence upon which to base a certification decision. Since every audit is based on sampling, a CB cannot guarantee 100% conformity Openness (ISO section 4.5) A CB must provide public access to information about the audit and certification process and the status of issued certificates (including suspensions, withdrawal and changes of scope). The requirements are elaborated in section 3.4. To provide confidence in certification, a CB should provide appropriate groups with information (as far as confidentiality permits) about the conclusions of certain audits (for example, those resulting from complaints). Certification scheme for energy management systems according to ISO

16 3.1.5 Confidentiality (ISO section 4.6) To gain the privileged access to information that is needed for the certification body to assess conformity to requirements for certification adequately, it is essential that a certification body keep confidential any proprietary information about a client Response to complaints (ISO sections 4.7 and 9.8) Adequate handling of complaints is important for creating confidence in certification, as well as for the protection of both certified organizations and other users of certification. The requirements for a CB include the following: > It must have a publicly accessible complaint procedure. > The complaint procedure contains at least the following: a description of the process of receiving, evaluating and investigating the complaint; the procedures for tracking and documenting of complaint, and the action taken in response; and procedures for ensuring that corrective action is taken. > The decision in response to the complaint must be taken by a person (or persons) not previously involved with the subject of the complaint. > If possible, complainants must be kept informed about the receipt of the complaint, handling process and the outcome. > The CB must determine if, and to what degree the complaint and resolution are made public, in consultation with the client and the complainant. The CB must inform SCCM as soon as possible, but in any case within two weeks, of complaints submitted by third parties (i.e. not objections from organizations certified by the CB) about a certificate it has issued. SCCM will report the number and nature of the complaints in its annual report Legal aspects (ISO sections 5.1 and 5.3) A CB must meet the following legal requirements: > The CB must be an independent legal entity or a clearly defined part of a legal entity, so that it can be legally responsible for its activities. > The CB must have a contract with its clients on the basis of which the agreements about performing certification work are also legally enforceable. If the CB has multiple offices or if the client has multiple certified locations, the contract will apply to the office that awards and issues the certificate and to all sites covered by the certificate. > The CB must evaluate the risks associated with performing certification work and take action (such as insurance and financial reserves) to cover any eventual liabilities. Certification scheme for energy management systems according to ISO

17 3.2 Organizational structure within the CB (ISO chapter 6) Organizational structure and top management (ISO section 6.1) The CB shall document its organizational structure, showing duties, responsibilities and authorities (of personnel, management and committees). If the CB is one part of a legal entity, the structure shall include the line of authority and the relationship to other parts within this legal entity. The ISO section lists nine areas for which top management is responsible Committee for safeguarding impartiality (ISO section 6.2) > The structure of the CB must be such that it safeguards the impartiality of the various certification activities. A committee must be appointed for this purpose, and the various interested parties must be invited to take part. > The committee assists and advises in developing policy having to do with impartiality and creating confidence in certification activities. The committee shall counteract any commercial or other considerations which stand in the way of working impartially. > At least once a year, the committee performs an assessment of the CB s impartiality in its performing audits, certification and its internal decision-making processes. > The CB must document the composition, duties authorities, responsibilities and competence of its members. The committee must have the right to undertake independent action, for example, by informing authorities, accreditation bodies and stakeholders, if management does not respect the committee s recommendations. In doing so, however, the committee shall take into consideration the confidentiality requirements in 8.5. Every CB must have its own committee. The committee s work is independent of the work of SCCM. 3.3 Personnel within the CB (ISO chapter 7) Competence of management and personnel (ISO section 7.1) > The CB must have a process for ensuring that personnel have relevant knowledge for certifying energy management systems and the geographic areas in which it operates. > The CB shall determine the competence necessary for all relevant technical areas, and for each function in the certification activity. > The CB shall determine the means for demonstrating competence to perform particular functions. The ISO makes an explicit distinction between the following positions: > Top management. > Audit team leader. > Auditors. > Decision maker(s). > Competence evaluator (for assessing competence of auditors and other personnel). Certification scheme for energy management systems according to ISO

18 Annex 2 shows a system for determining the necessary competences for the relevant positions in the organization. A CB can use the system described in annex 2 or its own system if it provides comparable results. A CB must have available the expertise to carry out a contract review and must be able to demonstrate it is capable of performing the following: > Defining the operations and processes of the organization wanting certification. > Defining the most significant energy users connected to the operations and processes of the organization wanting certification. > Define to what degree the necessary expertise is actually available Personnel involved in the certification activities (ISO sections 7.2 and 7.4) The requirements in ISO include the following: > The CB must have personnel within its own organization with sufficient competence to organize the certification of energy management systems. > The CB must have enough available auditors (internal or external), including technical experts and audit team leaders, to perform all activities and all of the audit work. > The CB must have a defined process for selecting, training and formally authorizing auditors and technical experts used in certification activities. > The CB must have a demonstrably effective auditing process, including the use of auditors and audit team leaders with general auditing skills and knowledge as well as skills and knowledge for auditing in specific technical areas. > The CB must ensure that auditors are kept up to date about all certification requirements, audit standards and other relevant requirements. The CB must identify its training needs and offer training opportunities. > Auditors and technical experts may only be used in areas for which they have demonstrated competence. > The person or group taking the decision whether to certify must be familiar with the ISO standard and requirements for certification and must be demonstrably competent to evaluate audit processes and evaluate the conclusions of an audit team. > The CB must have documented procedures for monitoring and measuring the performance of both individual auditors and other personnel. These procedures include evaluating audits, periodically observing audits in practice and asking clients for feedback. > The CB must maintain records for auditors, management and administrative personnel with information about, among other things, relevant qualifications, training, experience, competence and all relevant consulting activities. Certification scheme for energy management systems according to ISO

19 3.3.3 Use of external auditors and outsourcing (ISO sections 7.3 and 7.5) > The CB shall have external auditors and technical experts sign a written agreement committing themselves to the CB s policy and procedures. The agreement shall address the aspects of confidentiality and independence from commercial and other interests. The statement shall require external auditors and experts to inform the CB of existing or former contacts with an organization they are assigned to audit. > The CB has a process describing the conditions under which services may be outsourced. Outsourcing may be understood to mean subcontracting to another organization to provide part of the certification activities on behalf of the certification body. The CB will draw up a legally enforceable contract for each body providing outsourced services in which these agreements, including confidentiality and possible conflict of interest, are dealt with. This does not apply to external auditors and experts who are under contract. > Decisions about awarding, maintaining, renewing, suspending or withdrawing a certificate cannot be outsourced. > The CB remains responsible for all activities outsourced and must ensure that both the body that provides outsourced services and the individuals working for it meet the requirements of the CB and of ISO 17021, also with regard to competence, impartiality and confidentiality. > The CB has documented procedures for qualification and monitoring of all bodies that provide outsourced services which it uses for certification activities. The CB shall ensure that information about the competence of auditors and technical experts is kept up to date. 3.4 Information exchange between CB and third parties (ISO chapter 8) Publicly accessible information (ISO sections 8.1, 8.2, 8.3 and 8.4) > The CB shall make information publicly available (or provide it on request) about the certification process, certification activities and geographic locations where certification activities are being provided. > The certificate will include the name of the certified organization and location of its head office, dates of granting and expiry, unique identification number, scope of the certificate, name and address of the CB, the standard used as the basis for the certificate and the name of the accreditation body. > The CB shall make information public about certificates it has awarded, suspended or withdrawn. The CB shall maintain a list of valid certificates and make this list public (if it chooses, on request). As a minimum, the list shall show the name, standard, scope and geographical location (such as city and country) for each certified client. > If requested, the CB shall provide information in order to demonstrate the accuracy of a certificate it has issued. Certification scheme for energy management systems according to ISO

20 The CBs must include on the certificate the fact that the certificate was issued on the basis of the SCCM certification scheme. A copy of the certificate or a modified certificate must be provided to SCCM immediately. SCCM publishes the certificates on the Internet. The following apply to suspension or withdrawal of a certificate: > SCCM shall be informed immediately if a certificate has been suspended, and will indicate the suspension on its Internet database. > If the CB withdraws a certificate, it will inform SCCM of the withdrawal as soon as possible, but in any case within 1 week. SCCM will remove the certificate from its directory of certified organizations. The information on the certificate must make it clear to potential users which organization is certified for what activities, and must not be misleading. In particular: > The name of the organization as it appears on the certificate must correspond with the level of hierarchy at which the management review is performed. The name of the organization on the certificate may have a lower hierarchical level but not a higher one. > The scope contains a concise description of the operations of the organization covered by the certificate. This description may not contain value judgements. It is recommended that it be made clear whether all or some of the organization s operations are covered by the certificate. > Branches of the organization at other addresses and/or cities will be included on the certificate in such a way that they are traceable. > If there is a need to indicate in more detail what the ISO certificate relates to (such as addresses of branch offices, names of products or services) there can be a reference on the certificate to an annex, certified by the CB, with this information Confidentiality (ISO section 8.5) > The CB shall have a policy, arrangements and legally enforceable contracts to safeguard the confidentiality of the information it has acquired at all levels of the organization. > The CB shall inform the client in advance about information it will make public. All other information will be treated as confidential information. > Unless required by the international standard, information about a particular client or individual may not be given to third parties without written permission from the client or individual concerned. If the CB is legally required to pass confidential information on to third parties, it will inform the client or individual in advance, unless this violates the law. > Information about the client from sources other than the client (for example, complaining parties, enforcement authorities) shall be treated as confidential information, in accordance with the CB s policy Information exchange between a CB and its clients (ISO section 8.6) The CB must provide clients with the following information: > a detailed description (including normative requirements) of the various steps in the certification process (application, initial audits, surveillance audits, decision-making process, changes of scope, suspension and withdrawal of certificates; complaint procedures and recertification) including the costs of the activities. > changes in the requirements for certification. The CB shall monitor compliance with the new requirements by all certificate holders. Certification scheme for energy management systems according to ISO

21 The CB must arrange with certificate holders that they immediately provide all information that could influence the functioning of their energy management system or their compliance with the ISO standard. These include the following changes: > legal, commercial or organizational status or ownership. > organization and management (for example, key management positions or technical staff). > contact address and sites. > scope of production under the certified management system. > major changes in the management system or processes. The organization with a certified energy management system is responsible for continuing to comply with all requirements. If this is no longer the case, the organization itself must report this to the CB. This is not a question of nonconformities identified in internal audits, for example, which can be solved quickly, but of nonconformities of a structural nature and which have or can have consequences for the environment or its neighbours such that complaints or action from the authorities can be expected. See also section 4.6, which discusses nonconformities for which a CB must perform an additional interim audit. 3.5 Management system within the CB (ISO chapter 10) The CB must have a management system meeting the ISO 9001 standard or the requirements as they appear in section 10.3 of the ISO The management system must aim to meet the requirements of clauses 5-9 of ISO and demonstrate their application. Certification scheme for energy management systems according to ISO

22 chapter 4 Procedures used by the certification body A CB wanting to be accredited for performing certification must meet the NEN-EN-ISO/IEC ISO Conformity Assessment - requirements for bodies providing audit and certification of management systems. The ISO standard contains requirements for both the CB s organizational structure and procedures. The CCE can provide an interpretation of these requirements, where necessary, and may set additional requirements as well. Chapter 9 of ISO contains requirements related to the procedures used during the certification process. The most important requirements from these chapters are summarized in this chapter of the certification scheme. Any interpretations or additions by the CCE are in text boxes. In any assessment by the Council for Accreditation (CA), the text of the NEN-EN-ISO/IEC ISO 17021, in connection with the boxed texts in this document, is binding. Certification bodies must satisfy the EA-7/04 Legal Compliance as a part of Accredited ISO 14001: 2004 certification. The EA-7/04 lays down the way in which the CB must evaluate elements of the ISO standard related to compliance with legislation and regulations. According to the CCE, the EA-7/04 also applies to legislation and regulations related to energy. 4.1 General requirements (ISO section 9.1) The certification process consists of an initial audit (which has two phases), surveillance audits in the first and second years and a re-assessment in the third year before the certificate expires. The three-year cycle begins with the decision to certify (or re-certify). The details of the audit programme and the adjustments to the programme will vary depending on the size of the client s organization, the scope and complexity of the management system, products and processes, as well as on the demonstrated level of effectiveness of the management system and the results of previous audits. These audits may also be audits done by the certification body for other areas Audit plan and audit team (ISO sections 9.1.2, 9.1.3, 9.1.6, 9.1.7, and 9.1.9) The following apply with regard to the audit plan: > The CB will ensure that an audit plan is drawn up for each audit to provide the basis for planning and carrying out of the audit activities. This involves all the audits mentioned in 4.2, 4.3, 4.4 and 4.5. The audit plan is based on documented requirements of the CB. As a minimum, the audit plan will contain the objectives, criteria and scope of the audit, the amount of time to be spent, the dates and locations to be inspected. Certification scheme for energy management systems according to ISO

23 > The CB will inform the client of the names (and backgrounds, if it so desires) of the members of the audit team. The client must be given sufficient time to respond so that the CB has sufficient time to change the members of the team, if there is a good argument for doing so. > The audit plan and the dates agreed for the audit will be communicated to the client in advance. The CB must submit an audit plan in writing (by post, fax or ) to the organization to be certified at least one week before an audit is held. The CB has a process for selecting and appointing the audit team, including the audit team leader, which takes into account the competence necessary to achieve the objectives of the audit. In addition to the audit plan, factors such as whether audits are being combined, and the language and culture and involvement of auditors in previous audits must be considered. In selecting the members of the audit team, the CB must use the qualifications based on the competence analysis performed for the client concerned, using the system in Annex 2. The tasks to be given to the audit team shall be defined and made known to the client, and shall require that the audit team: > examine and verify the structure, policy, processes, procedures, records and related documents of the client s organization that are relevant for the management system; > determine that these elements meet all requirements relevant for the scope agreed for certification; > determine that the processes and procedures have been established, implemented and maintained effectively, to provide a basis for confidence in the client s management system; > communicate with the client about the activities performed; any inconsistencies found between the client s policy, objectives and targets; and the results of the audit. The CB shall have a documented description of the procedure for performing on-site audits for the client in accordance with the guidelines from ISO In addition to on-site visits, electronic files may be read from off-site; this may also be considered on-site. According to IAF MD 5: 2009, 80% of the audit time must be spent on site. Modern means of communication make it possible to use methods of investigation in which specific parts of the audit can be done off-site (such as teleconferences, web meetings, web-based and electronic verification). Time spent on these activities may be considered on-site auditing. When more than 20% of the time is used off-site, the CB must be able to substantiate which parts are involved and that the audit method in the situation concerned is justified (for example because the CB is quite familiar with the energy management system and the situation is stable). Spending more than 50% of the audit time off-site is not considered desirable. If the CB identifies one or more nonconformities, the CB must demand that the client analyze the cause of the nonconformity and describe the correction and corrective action that has been or will be taken. Certification scheme for energy management systems according to ISO